| MD5 conversion problem (16 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hello, I'm struggling with the string conversion to MD5 which I've never user before. I have a string that I need to encode which looks approximately like this: "pva:0.05:101214:pa7735tH:inv desc 205308:shp Email petera gudzon.net:lang ru:shp PaymentNo 20040825205308:shp UserID pva:shp Price 2.95:shp HostPlan BU:shp Term 2" I'm doing it this way: Dim hashedBytes As Byte() Dim md5 As New MD5CryptoS... |
|
| Required permissions to set Process.PriorityClass in Win 2003 serv (6 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi All, I have an asp.net application that needs to set it's priority to normal, but I get access denied when the below code executes. The reason I have to do this is I use a third party com component and it changes the priority to high, so I want to bang it on the head to make it normal again. System.Diagnostics.Process process System.Diagnostics.Process.GetCurrentProcess(); process.PriorityClass... |
|
| Login failed for user '(null)'. Reason: Not associated with a trusted SQL (4 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| I am losing lots of hair over this issue. We are trying to implement windows authentication from a web server to a database server. The web server is on a domain; the db server is not... does this matter? the IUSR machinename user from the web server has been added as an account on the db server and also been to added to db logins and given access to the databases that it will need access to. My w... |
|
| HELP! CreateProcessWithLogonW issue (13 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, I hope someone can help me with this it's driving us all nuts. We have an ASP.Net web application that must run an external executable to accomplish a document merge function. We got this to work on Windows XP using the following code (low level API calls). Before we call the RunIt method, we successfully impersonate with the same Domain/UserID/Password as is passed into the method. As I said,... |
|
| ASP.NET with ADirectory role based authentication (10 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi Everyone, I have some Questions relating to Active Directory and Asp.net. 1)I have created a role based authorisation using SQL Server but i want to use Active Directory as a datastore now? 2)Now if i want to allow the user to login credentials against the Active directory and then implementing the roles i have in my Database would i need to have roles in my Active Directory? 3)What i really wa... |
|
| Cannot execute DTS package (4 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hello, Our SQL server used to run under System account, and I had no problems executing DTS packages from the ASP.NET: Dim oPkg As DTS.Package oPkg CreateObject("DTS.Package") oPkg.LoadFromSQLServer("WIN2000", , , DTS.DTSSQLServerStorageFlags.DTSSQLStgFlag UseTrustedConnection, , , , "Import DPCK") oPkg.Execute() oPkg.UnInitialize() oPkg Nothing Then we switched to the different account, and I can... |
|
| WindowsPrincipal.IsInRole() problem with non-builtin roles (5 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Can't get WindowsPrincipal.IsInRole() to work for me when using Windows Authentication. Here's a snippit of code from my C# codebehind page: WindowsPrincipal wp new WindowsPrincipal( WindowsIdentity.GetCurrent() ); lblUser.Text wp.Identity.Name; Label1.Text wp.IsInRole(@"DOMAIN\group").ToString(); where "DOMAIN\group" is a valid group name. The username shows up correctly as "DOMAIN\username" but ... |
|
| Asp.net impersonate (5 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, My global.asax contains: authentication mode "Windows" / identity impersonate "true"/ in my aspx page Environment.UserName returns the correct impersonated username, but Environment.GetEnvironmentVariable("USERPROFILE") returns the userprofile of the ASPNET user, being: C:\Documents and Settings\COMPUTERNAME\ASPNET (Strange behaviour, but I asume that this is by design.) Is there no way to ret... |
|
| System.UnauthorizedAccessException (8 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hello, I'm using this code to access a network share from an asp.net page: Dim dir As DirectoryInfo New DirectoryInfo("\\10.0.0.150\FormLib\") Dim files() As FileInfo dir.GetFiles("*.eps") When I try to do it, I get this error: System.UnauthorizedAccessException: Access to the path "\\10.0.0.150\FormLib\" is denied. at System.IO. Error.WinIOError(Int32 errorCode, String str) at System.IO.Directory... |
|
| Required permissions cannot be acquired? (3 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| I've posted a similar question in the microsoft.public.sqlserver.reportingsvcs group, but I need to solve this and it is more of a .NET/permissions issue anyway. However, it is in the context of RS' forms authentication, which is making it more difficult for me to understand/debug. I have forms authentication in SQL RS working like a charm. (For more info, see http://msdn.microsoft.com/library/?ur... |
|
| RegEx for XSS (Cross-Site Scripting)? (3 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Trying to use the RegularExpressionValidator with the following expression [^0 9a zA Z] which functions well when using code with the System.Text.RegularExpressions class but the same expression will not function when used with the RegularExpressionValidator leaving me wondering "what?" The expression 'negates' any entry but those alphanumeric characters 0 9, a z and A Z thus I assume this express... |
|
| Process class and .NET security (4 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi all, I posted this message a couple of days ago on microsoft.public.dotnet.framework and never got a response. I am trying here because it involves security but it's not ASP. If someone has a better idea where this post should go, please let met know. Here is my problem: I am using the Process class in my application, right at the beginning of the static Main method. I am using the Process clas... |
|
| Windows Auth - Active Directory (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hello, I have a web application that uses windows authentication. All the users log in using an active directory account. When an authenticated user performs certain actions I would like to retrieve specific information from their active directory record (email address, etc). I can obviously get their "domain\account" from HttpContext.Current.User.Identity.Name but what is the easiest way to acces... |
|
| AD forms authentication (2 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| I am trying to authenticate to ad using this how to http://msdn.microsoft.com/library/default.asp?url /library/en us/dnnetsec/html/secnetlpMSDN.asp The server is W2k3 and auth hangs here: **************************************************************************** **** string adPath @"mypath"; LdapAuthentication adAuth new LdapAuthentication(adPath); lblError.Text "I made it this far!"; if(true ad... |
|
| CredentialCache.DefaultCredentials not working! (4 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, I'm trying to use the CredentialCache.DefaultCredentials to pick up the credentials of the current user but its not working correctly. I've switched off anonymous access and gone thru the code in debug mode but I keep getting a 401 security exception. The code works perfect if I hard code a user name and password. After a lot of messing around I got it to work on the server (if I navigate to t... |
|
| HttpContext.Current.User.IsInRole(string) always returns false (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| I have a asp.net 1.1 site and HttpContext.Current.User.IsInRole(@"MyLocalComputer\MyGroup") always returns false. I've turned off anonymous access in iis, set the impersonate true in the web.config, even tried to impersonate via code using this. I've tried this on XP Pro as well as 2003 server with the same results. System.Security.Principal.WindowsImpersonationContext impersonationContext; impers... |
|
| Impersonation, DirectoryServices (3 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi I'm trying to set the password for a user in AD, but I get Access Denied. I don't use the logged on users credentials when I add the user to AD, instead I supply username and password when I get the initial DirectoryEntry. I am NOT a user in the domain. When I run the code from a console app, or an asp.net app without impersonation it works. Even if I impersonate myself in asp.net it fails. Doe... |
|
| Adding parameterized values. Which is more secure. (2 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hello. Adding some data to a sql server 2000 table. Is the later more secure than the former? If so, why? SqlCommand sqlCmd new SqlCommand(update, sqlConn); sqlCmd.Parameters.Add("@hashedPass", user.HashedPassword); SqlCommand sqlCmd new SqlCommand(update, sqlConn); sqlCmd.Parameters.Add("@hashedPass", SqlDbType.NVarChar, 255).Value user.HashedPassword; Thanks in advance. Ryan Taylor |
|
| How to limit access to admin subfolder using web.config file? (3 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| I'm in quite of a dilemma, and for the first time: all the articles and discussion forums on the 'net hasn't helped me get rid of my page errors :( I have my web.config file in the root directory. I have a subdirectory called /admin/ underneath it. I want all users to be able to view any page in the root directory. If a user tries to access any page in the /admin/ subfolder, I want him/her to be r... |
|
| Problems with page aspx (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi I have a windows service that run a aspx page in the url http://ip/raimserver/ris/cpr002.asxp with user and password and produce an error: Time Out sending request. RIS server can be down. Exception is :System.Net.WebException: The remote server returned an error: (401) Unauthorized. I have windows 2000 and IIS 5 In IIS logs I see that the user doesn't arrive. What's the function of user ASPNET... |
|
| Getting Group Membership (3 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, I'm trying to do something that I think should be pretty easy, take the user who is authenticated with the application (intranet application/ integrated windows authentication), and determine if they are in "this group". Before, I had queried active directory, got the list of groups for the user and compared, but then I realized that the IsInRole Function may actually work in this case. I trie... |
|
| Accessing objects in active directory via asp.net (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi everybody, I want to retrieve information about objects in active directory windows 2000 and their properties. I got some codes that don't work absolutely. for example I can't retrieve users list and group list separatedly.there is my code that downloaded from the internet : public class LdapAuthentication { private string path; private string filterAttribute; public LdapAuthentication(string p... |
|
| SymmetricAlogrithm and single quotes (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| I am using SymmetricAlgorithm to encrypt and decrypt passwords. I want to know if the resulting output from createDecryptor can potentially contain a single quote. Ultimately, I need to know whether to handle that possible single quote in my code when using a SQL query and wrapping single quotes around the value. Thanks...k |
|
| System.UnauthorizedAccessException: Access is denied (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, We have a simple 3 tier application which its core application is VC 6.0 ATL COM running as a server application in the COM . An asp pipe is in charge of handling the requests and passes it to the COM for processing. We are now trying to migrate the asp pipe to Asp.Net (C#). When running the above configuration with Asp.Net on IIS 5.0 (W2K) we have no problems but when trying the do it on IIS ... |
|
| BUG With FormsAuthentication (6 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| The authentication cookie with custom user is not available or the user data is gone after a redirect. In other words all the examples on the net on how to do custom FormsAuthentication don't work! Is there a workaround for this? Barry Software Engineer Hogeschool Rotterdam The Netherlands |
|
| Create Directory (3 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hello, I am having a permissions problem when creating a directory. The relevant bits of my code look like this: // impersonate current user: WindowsIdentity ident (WindowsIdentity) HttpContext.Current.User.Identity; context ident.Impersonate(); name ident.Name; isauth ident.IsAuthenticated; authtype ident.AuthenticationType; // create the directory // I've also tried using DirectoryInfo.Create() ... |
|
| DllImport Error (2 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hello friends, I need to load an unmanaged dll(which i wrote for license control) from system32 folder and then my asp. net project will read the values from there.(I'll write the full code to the bottom) I get an "Object reference is not set an instance of an object error"...This code works in my local machine , but in our remote machine there was a problem that i told above. I can only fix the p... |
|
| Windows autentication with WindowsPrinicipal (3 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hello, I'm using Windows Authenetication with my code below with Windows Principal. I noticed that when i use IsinRole with "BUILT\Administrator its does work fine but when i use DomainName\GroupName it doesn't go. Does anybody know what 'm doing wrong? Pls forward ur ideas! Thanks Private Sub Page Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load 'Put user code ... |
|
| DPAPI Enterprise Services Example (6 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| I am trying to work through the sample from msdn, "How To Use DPAPI (User Store) from ASP.NET with Enterprise Services". I thought I had everything configured correctly. I tried to test the service and get the following error.(Sorry for encluding every line). I am confused as to what setting is incorrectly set. Additionally, the paragraph on giving asp.net access doesn't help me at all. Thanks for... |
|
| Windows Authentication with Asp.net and against Active Directory (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| How can i use Windows authentication in IIS against AD. How will i create a WindowsPrincipal object(with asp.net) in the Context.User property that is used for providing identity and authorization services to my application. How will i use the IsInRole method in WindowsPrincipal to return true or false based on the user's AD group membership. If u have any code articles and resources please pass i... |
|
| You are about to be redirected to a connection that is not secure (6 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| I have an application where I move a user from http to https to http. On every move from https to http I get the following popup: You are about to be redirected to a connection that is not secure......... I running on Windows 2000 with IE Version 6 with SP1 I have tried unticking the following from Tools InternetOptions Advanced Warn if changing between secure and not secure Warn if forms submitta... |
|
| Web Services Encryption (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| I am becoming familiar with the standards and practices of secure Web Services, particularly encrypting the messages with Tokens. What I don't understand, and I can't find in documentation, is what type of encryption is used with the tokens, and how the key(s) are passed from the client to the service to decrypt the message. I need to know this so I can be assured that an intercepted message canno... |
|
| Folder access by ASP.Net application (3 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| I have an ASP.NET application that needs to read/write from to the IIS application directory and its subdirectories. The application is configured to use form authentication and thus it has the following entries in web.config: authentication mode "Forms" forms name "CommerceAuth" loginUrl "login.aspx" protection "All" path "/" / /authentication authorization deny users "?" / allow users "*" / /aut... |
|
| Opening new session (2 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi All! As it is possible to open new session (new SessionId , new ASP.NET SessionId) ? Thanks a lot! Michael |
|
| authentification (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi guys, Couple of general questions for you. Background is I'm about to start writing version 2 of a client's intranet system in .NET (originally ASP). Just wanted to ask... First of all, I'm looking at using forms authentification with a database. So am I right in thinking that I need to put something in Web.Config to tell the app to go and validate from a seperate file (one that loads the db an... |
|
| Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. (10 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Using latest SP Win2k and .NET versions, I have a .NET application running on server1 with a SQL Server database running on server2. I have the Windows user account passwords sync'd for server1\aspnet (installed by .NET Framework and server2\aspnet (created by me this machine has no .NET Framework on it). The aspnet user on the database server (server2) has access to the database. I still get: Log... |
|
| Impersonate Identity doesn't work on the server (4 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hello, In my application I have to impersonate users, so I add identity impersonate "true" / to the Web.config file. As long as I run the application on my PC everything works fine. As soon as I put the application on the server I cannot run the application at all, I get an "Access denied" error. When I remove impersonation everything works OK. What can I do about it? Whithout impersonation my app... |
|
| Compiler Error (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Anyone, any ideas on this, it happened after a security hardening was done on this server. How do I fix it please. Compilation Error Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately. Compiler Error Message: BC30138: Unable to create temp file in path 'C:... |
|
| Unique identifier ? (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi there I have following problem in my web application i want to track every user logged currently in the system so far so good until now I've used SessionID until i've found following problem When I open new browser window from currently opened browser File/New/Window the sessionID is the same!:) may be this is normal but turns my logic upside down :) can anyone give me some advise about what un... |
|
| .DLL Soucre Code Question (2 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi All, I use .NET 1.1 vbc.exe command : vbc /r:xxx.dll /t:library test.vb to general a test.dll. This library provides some web custom controls for ASP.NET developer use. I don't use the vbc.exe option "/debug". Suppose I just only send test.dll file to other people use. Is it possible other people can see the test.dll source code with Visual Studio.net through debug mode ? Is there any other thi... |
|
| Delegation in ASP.NET (4 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, As the title suggests I have a question about delegation in ASP.NET. We have an ASP.NET application running on a web server which requires clients to authenticate via Windows Integrated authentication. We're running in a Win2K native mode domain and the clients are IE6 so we should be using Kerberos to authenticate. At some points the application needs to send an email on behalf of the client;... |
|
| Delegation in ASP.NET (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, As the title suggests I have a question about delegation in ASP.NET. We have an ASP.NET application running on a web server which requires clients to authenticate via Windows Integrated authentication. We're running in a Win2K native mode domain and the clients are IE6 so we should be using Kerberos to authenticate. At some points the application needs to send an email on behalf of the client;... |
|
| Windows Authentication - what happens when it's not available? (3 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi I'm developing an Intranet system for a client, and am looking at using Windows Authentication, so that the network users don't have to log onto the network and Intranet seperately. However, the client wants users to be able to access the information on the Intranet from home. To that end, the port would be open across the net. But if they try and access it from home, WA wouldn't know who they ... |
|
| Distribution groups & IsInRole & Windows Auth (2 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| I have searched and cannot find anything definitive. The IsInRole method looks at a pre populated set of groups which the identity has membership in. Does the .Net framework look at both membership in distribution and security groups when populating the set of groups, or does it only look at membership in security groups. I am having trouble seeing distribution group which I am a member of when ca... |
|
| Access is denied. / HTTP 500 – Internal server error (3 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, Looking for what I changed and how to correct. I have a Windows 2003 Sever that I have had running fine several .NET websites for over a year now. Today I decided to change my anonymous FTP site access from 'granted' and denied' IP addresses to 'not anonymousâ and require username password access. I created an â FTPGuestâ user account and gave it the file permissions I wanted. Tested the FTP s... |
|
| Debugging problem in Win 2000 prof. (2 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, System Config: Win 2000 Prof. ..Net Framework 1.0 I was working on an asp.net project and suddenly one morning after a restart of the system i started getting the following error: "Unable to start debugging on the web server. Server side error occurred on sending debug HTTP request." I have never installed any other versions of framework before or after. Also when i earlier installed it was .N... |
|
| URL Encryption (4 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, Is there a way to securely ecrypt and decrypte a URL? for e.g encrypting and decrypting using Triple DES algorithm. Are there any security implications? Another question: what is the best way to pass session variables between ASP.NET to ASP applications. Any help will be appreciated. Thanks, amir |
|
| Connect to Sql server using DSN? (4 replies, VIP) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, Is it posssible to connect to Sql Server using DSN? Thanks, Ben |
|
| Further DPAPI (user store) problems (7 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, I am trying to get the How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services example working on my dev machine. Many thanks to Nicole for solving the last problem I had with this. I can now start the DPAPI service, and once I have re registered the DPAPIComp.dll, I don't get problems accessing the registry entry for it's ProgID. However when I run the example web page to encrypt... |
|
| DPAPI Service Start access is denied (7 replies) |
| microsoft.public.dotnet.framework.aspnet.security |
| Hi, Following the procedures for "How To:Use DPAPI (User Store) from ASP.NET with Enterprise Services" from Building Secure ASP NET Applciations pdf, after installing the service, I try to start it, but get the error "Services Could not start the DPAPI Service server on Local Computer. Error 5: Access is denied". My OS is Windows XP Pro. The local account configured to run this service has "Log on... |
|